OpenClaw Role Bypass Vulnerability in Token Rotation Function
Vulnerability
A role bypass vulnerability exists in OpenClaw versions prior to 2026.4.8, in the device.token.rotate function. The rotation path did not go through the device role-upgrade pairing process, so it could mint tokens for roles that were never approved. As a result, an attacker could preserve or create roles and scopes that had not received the required approval.
Impact
Exploitation of this vulnerability allows for the unauthorized minting or preservation of roles and scopes in the OpenClaw trust model, which could lead to unauthorized access or actions within the application.
Reproduction
The vulnerability can be reproduced by calling the device.token.rotate function on an OpenClaw version prior to 2026.4.8: the function mints tokens for unapproved roles without enforcing the intended role-upgrade pairing step.
Remediation
Upgrade to OpenClaw version 2026.4.8 or later to address this vulnerability.
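To make the failure mode concrete, the following is an added illustration written for this page, not OpenClaw's own code: a hypothetical device-token rotation handler in the vulnerable shape the advisory describes (rotation re-issues whatever role and scopes the caller holds or asks for) next to a hardened shape that binds the rotated token to the role and scopes the pairing record actually approved. The types, the in-memory pairing store and the role ranking are all assumptions.

```typescript
// Hypothetical model of a device-token rotation handler (not OpenClaw's code).
type Role = "viewer" | "operator" | "admin";

interface DeviceRecord {            // what the pairing flow approved for a device
  deviceId: string;
  approvedRole: Role;
  approvedScopes: Set<string>;
}

interface Token { deviceId: string; role: Role; scopes: string[]; serial: number }

interface RotateRequest { current: Token; role?: Role; scopes?: string[] }

// Constructed sample pairing store: this device was only ever approved as "viewer".
const pairings = new Map<string, DeviceRecord>([
  ["dev-1", { deviceId: "dev-1", approvedRole: "viewer", approvedScopes: new Set(["read"]) }],
]);

// Vulnerable shape: trusts the caller-supplied or previously held role and scopes,
// so a rotate call can preserve or invent roles that pairing never approved.
function rotateVulnerable(req: RotateRequest): Token {
  const t = req.current;
  return { deviceId: t.deviceId, serial: t.serial + 1,
           role: req.role ?? t.role, scopes: req.scopes ?? t.scopes };
}

// Hardened shape: rotation only re-issues what the pairing record approved.
// A role above the approved one is refused (a role change must go through
// role-upgrade pairing) and scopes are intersected with the approved set.
const RANK: Record<Role, number> = { viewer: 0, operator: 1, admin: 2 };

function rotateHardened(req: RotateRequest): Token {
  const t = req.current;
  const rec = pairings.get(t.deviceId);
  if (!rec) throw new Error("unknown device; pairing required");
  const wanted: Role = req.role ?? t.role;
  if (RANK[wanted] > RANK[rec.approvedRole]) {
    throw new Error(`role ${wanted} not approved for ${t.deviceId}; use role-upgrade pairing`);
  }
  const wantedScopes = req.scopes ?? t.scopes;
  const scopes = wantedScopes.filter((s) => rec.approvedScopes.has(s));
  return { deviceId: t.deviceId, serial: t.serial + 1, role: wanted, scopes };
}
```

A useful detection check on the server side is the same comparison the hardened handler makes: any issued token whose role or scopes exceed the device's pairing record should be logged and revoked.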
